Subscribe • Previous Issues
Your CLI Was Built for Humans, Not Agents
There’s a friendly debate among developers about how to give AI agents reliable ways to use external tools, data, and services so they can do useful work beyond generating text. One side favors CLIs, or Command-Line Interfaces, where agents run text commands against tools like git, aws, jq, duckdb and internal scripts. The other side favors MCP, or Model Context Protocol, which gives agents a structured way to discover tools, authenticate, and call services through defined schemas. This may seem confined to coding agent, but the tradeoffs apply equally to anyone deploying agents in operations, finance, customer success, or any workflow where agents need to touch real systems. Once an agent starts taking action, its interface with the outside world is no longer just a technical detail. It becomes a critical decision point for security, cost, and governance, regardless of whether that agent is writing code or managing customer data.
If you read often, consider becoming a paid supporter 🙏
CLI: Fast, Familiar, and Sharp-Edged
The strongest case for CLI is that it is familiar, flexible, and cheap. First, AI models have been trained on enormous quantities of shell scripts, developer documentation, and terminal content, which means they already understand tools like git, docker, and kubectl, without any special configuration, and that familiarity translates directly into reliability and lower error rates. Second, CLI output is composable: an agent can pipe the output of one command directly into another to filter, aggregate, or reshape data before it enters the model’s working memory. Finally, the token efficiency advantage is real and measurable. Loading a single MCP server’s full tool schema can consume tens of thousands of tokens before any useful work begins, whereas CLI tools require zero upfront context cost and agents can discover a tool’s capabilities on demand using its built-in –help flag. The catch is that CLI access can be too powerful. Giving an agent raw shell access without sandboxing, credential isolation, and approval gates makes it incredibly difficult to prevent unauthorized changes to files and networks.
The MCP Case for Agents
MCP’s advocates have a direct response to the CLI-first view: CLI doesn’t account for how most AI is actually consumed in the world. The majority of people interacting with AI agents do so through browser-based chat interfaces or mobile apps where running shell commands is simply not an option, and many business tools have no CLI equivalent at all. For those contexts, MCP fills a genuine gap: it gives agents a self-describing interface where the agent discovers which tools are available and how to use them upon connecting, without needing to guess command syntax or parse documentation. Unlike CLI, MCP includes built-in OAuth authentication, per-user permissions, and audit trails that satisfy enterprise security requirements.
The main criticism is overhead. Poor MCP implementations can load huge tool schemas before useful work begins, burning tokens, adding latency, and leaving less room for reasoning. MCP can also introduce server failures, authentication friction, and harder debugging. The practical lesson is that MCP needs good interface design: smaller task-level tools, progressive disclosure, schema filtering, and gateways that show agents only what they need.
Your CLI Was Built for Humans, Not Agents
An agent can learn command syntax. The harder problem is that most CLIs were designed for humans, not software agents operating under time, token, and safety constraints. We easily overlook these flaws because humans are great at filling in the blanks. We can guess missing steps from bad manuals, decode vague error messages, and realize on our own when a tool requires us to log in before showing its options. An agent pays a concrete cost for every one of those gaps: repeated discovery loops, wasted tokens, fragile text parsing, and unnecessary interruptions asking the user what to do next. The CLI didn’t change. The user did.
The practical response is to treat CLI agent-readiness as something you can measure and improve, not just assume. An open-source project called CLIARE (CLI Agent Readiness Evaluation) does exactly this. It probes the actual installed binary, not your documentation, records what happens, and produces a scored report across six dimensions: whether commands are findable and navigable, whether valid invocations can be constructed, whether commands complete without hanging, whether bad inputs fail with clear errors, whether machine-readable output modes are available and actually work, and whether read-only probes stay read-only. The result is a scorecard you can run, track across releases, and share with the teams building agents on top of your tooling. That shifts interface quality from a guessing game into a measurable metric.
This matters well beyond coding agents. Companies can expose real operational authority through CLIs: deployments, finance workflows, database jobs, cloud control planes, support scripts, analytics pipelines, and internal platforms. If agents are going to touch those surfaces, the relevant question is not just “does a CLI exist?” It is “can the agent understand and use it without guessing?” AI teams exposing CLIs to agents should try CLIARE, or at least borrow its core idea: make the command surface measurable, versioned, parseable, and explicit about preconditions, outputs, side effects, and risk.
Match the Interface to the Risk
I would not treat this as a religious choice between CLI and MCP. The better question is what kind of authority the agent is being given, and on whose behalf it is acting. Use CLI when the workflow is local, composable, inspectable, and already lives close to the terminal: code, tests, logs, files, data inspection, build systems, mature vendor tools, and internal scripts. But if agents will use that CLI repeatedly, use CLIARE to measure the surface before relying on it.
Use MCP when the workflow is hosted, multi-user, permissioned, or tied to SaaS systems where OAuth, consent, scoped access, and audit trails matter. In both cases, raise the bar when the agent can touch money, identity, production systems, customer data, or irreversible state. The common design rule is simple: expose the task, not the whole system. Keep the interface small, prefer parseable outputs, separate reads from writes, log consequential actions, and require approvals for operations that cannot be easily undone. Transport choice matters. Interface design matters more.
The AI Developer Productivity Debate: A Field Guide
From “Does AI Actually Make Developers More Productive? The Evidence, For and Against”



